800-687-2942

In the banking and financial service space, biometric authentication is quickly becoming the principal form of mobile authentication. Instead of requiring a password, more and more apps use physical or behavioral characteristics to allow customers to access and manage their money.

Your first response might be: “I already knew that. The big banks have been doing this for a few years now!” Indeed. Biometrics have been around for more than a year at some larger providers, but the rate of change is fairly rapid.

Before we address what’s next, let’s quickly summarize where biometric authentication has been.

The Rise Of The Thumbprint

“Basic” biometric authentication usually comes in the form of thumbprint or facial recognition. Customers press their thumb on a mobile device’s “home” button or snap a photo of themselves to log in.

The growth of these methods can be attributed to a few interconnected factors.

Smartphone users say their top concern when it comes to mobile banking is security. “60 Minutes” addressed this topic last spring. If you watch that report, you might be terrified by the sequence that shows a group of hackers sitting around a table calmly lift individuals’ credit card info from their phones. All they needed were phones that had the ride-sharing app Uber installed.

Adding biometrics was a logical step for banks and credit unions anxious to address security concerns. But they reaped a secondary benefit: improving customer experience.

No customer enjoys remembering all of their various passwords for the apps and web services they use. Social login — authentication through social media accounts such as Facebook or Google — became popular in the past five years for this very reason. So it’s no surprise that biometric authentication has become popular for its ease of use.

What’s Next?

Thumbprints and “selfie security” are likely just the start when it comes to biometrics. Developing security methods that banks and credit unions could start using soon include:

● The Iris Scan (sometimes mistakenly called a “retina scan”): Banking apps could require you to scan your iris, as if you’re living in a Tom Cruise movie, to access your accounts. The Samsung Galaxy Note 7 had iris-scanning technology and may have helped spread this form of authentication before its well-publicized recall. Iris scanning is considered one of the most secure forms of authentication.

● Voice Authentication: On its own, voice authentication can be problematic. Background or ambient noise can make matching voices difficult. But voice may be used with other forms of authentication for a secure login — more on that below.

● Geo-Fencing: Apps could use GPS and only allow users to log in from somewhere in the phone’s “normal” range. Banks also could place a geo-fence around their branches or headquarters so employees only could access the app from there.

● Increasing Use of Two-Step Authentication, already familiar to many users of Google or SMS. This method is becoming more common, and, as the name implies, requires users to use two forms of authentication.

● Heartbeat: A few biotech startups have been working on this, and with the corresponding rise in fitness trackers, the time may be right. Heartbeats can, however, be “hacked,” as heartbeats are not necessarily unique to an individual.

As the IoT becomes more prevalent, inanimate household objects and appliances will become internet-connected devices. One of the more well-known commercial versions right now is the Amazon Echo. Among the Echo’s features is one which enables Capital One customers to check card balances and make payments via the device. Wells Fargo and other banks are experimenting with this as well.

The concern, of course, is security. When consumers learn that their bank information may be tied to their household information, they immediately think about the possibility of a hack. In such a situation, the hacker would know a lot about your finances and how your home is managed. Thieves with that kind of information could practically wipe out a victim’s entire net worth.

This is part of the reason why we’ll continue to see multi-layer biometric authentication become more mainstream over the next several years.

Young people could be the least trusting because they’re the most tech-savvy — they understand that hackers are creative, relentless – and have a multitude of tools at their disposal. For everyone else, banks and credit unions are already employing technologies that assuage fears. But they’ll have to work hard to assure future generations that they’re a safe bet in the digital world.

--

Compliance and Your Credit Union

Does your credit union:

• Face an daunting burden of regulatory requests?• Struggle to manage the multiple experts inside and outside your organization who must respond to exam requests?• Use email for regulatory communication -- possibly opening yourself to legal discovery?• Receive the same request more than once but provide a different answer each time?